Customer-facing computing systems, such as point of sale (POS) systems and automated access control systems, commonly incorporate security mechanisms designed to reduce losses by boosting accuracy and security for the trusted transactions those systems support. Toward this end, some organizations have sought to leverage biometric technology to improve convenience, satisfaction, security, and profitability.
For example, organizations such as theme parks may use biometric technology in the form of fingerprint readers to allow authorized guests to more easily re-enter theme parks, while at the same time reducing ticket fraud by preventing unauthorized use of theme park tickets. Also for example, organizations such as casinos may use biometric technology in the form of facial recognition to improve customer loyalty programs while reducing casino risks by identifying card counters, cheaters, and even gambling addicts. Also for example, government organizations may use biometric technology to improve targeted services such as identification cards, benefits programs, background checks, passenger screening, suspect identification, and visitor tracking.
Each of the previously mentioned uses of biometric technology is a form of user identification. Such use allows an organization to identify a person by matching the biometric indicator to a previously-recorded biometric indicator to verify that person's identity claim. Biometric indicators may be defined as features that are expected to be unique to a single person. For example, biometric indicators may be either physiological or behavioral. Physiological biometric indicators include deoxyribonucleic acid (DNA), facial features, fingerprints, iris, voice, and hand geometry, as well as other measurable physical traits. Behavioral biometric indicators include gait, speech patterns, and typing patterns, as well as other measurable behavioral traits.
Biometric technology has become popular because of its utility for authorizing users to gain access to a resource while denying unauthorized users access to that resource. Many biometric indicators, such as fingerprints, may be captured without inconvenience to the user and may even be collected without the user's knowledge or consent. However, the fact that biometric indicators can be easily and quickly measured is also the biggest threat to using biometric indicators as an authentication trigger. Specifically, biometric indicators may be difficult to keep secure. For example, because biometric indicators are largely immutable and vulnerable, they may be at risk of being compromised, lost, or stolen. For similar reasons, recovery from a biometric indicator breach may be difficult.
Given the sensitivity of biometric indicators to breach, maintaining the trusted nature of biometric capture equipment is often important. Such trusted equipment deployed in a networked environment is often uniquely addressable using an identifier standard commonly employed in software construction, often referred to as a universally unique identifier (UUID) or, alternatively, as a globally unique identifier (GUID). The intent of UUIDs is to enable distributed systems to uniquely identify information without significant central coordination.
For purposes of this disclosure, the word “unique” should be taken to mean “practically unique” rather than “guaranteed unique”. For example, and without limitation, a UUID may comprise a 128- or 256-bit value, the meaning of each bit of which may be defined by any of several variants so as to achieve practical uniqueness across space and time. That is, because the identifiers have a finite size, it is possible for two differing items to share the same identifier, which is a form of hash collision. The identifier size and generation process need to be selected so as to make collision sufficiently improbable in practice. A UUID for a device should be created so as to establish reasonable confidence that the same identifier will never be unintentionally created to identify some other device. Information labeled with UUIDs can therefore be later combined into a single database without needing to resolve identifier conflicts.
To further reduce the chances of collision, a “guaranteed” UUID may contain a reference to the network address of the trusted equipment that generated the UUID, a timestamp (e.g., a record of the precise time of a transaction request), and a randomly generated component. Because the network address identifies a unique device, and the timestamp is unique for each UUID generated from a particular host, those two components are considered in the computing industry to sufficiently ensure uniqueness. A randomly generated element of the UUID may be added as a protection against any unforeseeable problem.
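As an added illustration (not part of the original disclosure), the following Python sketch builds and decodes an identifier with the address, timestamp, and extra-component structure described above, and estimates the collision probability of a purely random component. It assumes the RFC 4122 version-1 layout as one concrete instance of that structure, with a 48-bit node value standing in for the network address; the function names, node value, and timestamp are constructed for the example.

```python
import math
import uuid
from datetime import datetime, timedelta, timezone

# RFC 4122 version-1 timestamps count 100 ns ticks from 1582-10-15 UTC.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def make_device_uuid(node: int, when: datetime, clock_seq: int) -> uuid.UUID:
    """Assemble a version-1 UUID from a node address, a timestamp and a clock sequence."""
    ticks = (when - GREGORIAN_EPOCH) // timedelta(microseconds=1) * 10
    fields = (
        ticks & 0xFFFFFFFF,        # time_low
        (ticks >> 32) & 0xFFFF,    # time_mid
        (ticks >> 48) & 0x0FFF,    # time_hi (version bits are set by version=1)
        (clock_seq >> 8) & 0x3F,   # clock_seq_hi (variant bits are set by version=1)
        clock_seq & 0xFF,          # clock_seq_low
        node & 0xFFFFFFFFFFFF,     # 48-bit node address of the generating device
    )
    return uuid.UUID(fields=fields, version=1)


def decode_device_uuid(u: uuid.UUID) -> dict:
    """Recover the generating node, issue time and clock sequence from a v1 UUID."""
    if u.version != 1:
        raise ValueError("not a version-1 (time and node based) UUID")
    issued = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    return {"node": f"{u.node:012x}", "issued": issued, "clock_seq": u.clock_seq}


def collision_probability(n_ids: int, random_bits: int) -> float:
    """Birthday bound: chance that n_ids uniform draws from 2**random_bits collide."""
    space = 2 ** random_bits
    return -math.expm1(-n_ids * (n_ids - 1) / (2 * space))


if __name__ == "__main__":
    # Constructed sample values: a made-up node address and a fixed timestamp.
    stamp = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    dev = make_device_uuid(0x001122334455, stamp, 0x1234)
    print(dev, decode_device_uuid(dev))
    print("14 random bits, 200 ids:", collision_probability(200, 14))
    print("122 random bits, 1e9 ids:", collision_probability(10**9, 122))
```

The decoded fields show that an identifier built this way discloses which device issued it and when, so it provides uniqueness rather than secrecy. A short random component alone collides quickly, which is why the address and timestamp carry most of the uniqueness guarantee.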
Also for purposes of definition, an Internet Protocol address (IP address) is a numerical label assigned to an automated device (e.g., computer, printer) configured to participate in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification, and location addressing.
This background information is provided to reveal information believed by the applicant to be of possible relevance to the present invention. No admission is necessarily intended, nor should be construed, that any of the preceding information constitutes prior art against the present invention.